globalping-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill mandates the use of 'https://rube.app/mcp' as an MCP server. This domain is not a trusted source, and connecting an agent to an unverified endpoint allows the external service to influence agent operations.
- REMOTE_CODE_EXECUTION (HIGH): The inclusion of 'RUBE_REMOTE_WORKBENCH' and 'run_composio_tool' indicates capabilities for remote task execution. Since the logic for these tasks is retrieved dynamically from an untrusted URL, it constitutes a remote code execution risk.
- COMMAND_EXECUTION (HIGH): The skill executes tools via 'RUBE_MULTI_EXECUTE_TOOL' using schemas and plans provided by the remote server at runtime. This prevents static verification of the commands being run.
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection because it is designed to fetch and follow 'recommended execution plans' from a remote source. A malicious response from the server could override agent safety instructions.
  Mandatory Evidence Chain (Category 8):
  1. Ingestion point: RUBE_SEARCH_TOOLS response.
  2. Boundary markers: Absent.
  3. Capability inventory: Remote tool execution and workbench access.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata